fixup! all: Implement server-side OAuth2 protocol.

Migrate oauth2_session_refresh_interaction_workflow to new-style workflows.

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow.xml

@@ -2,40 +2,44 @@
 <ZopeData>
   <record id="1" aka="AAAAAAAAAAE=">
     <pickle>
-      <global name="InteractionWorkflowDefinition" module="Products.ERP5.InteractionWorkflow"/>
+      <global name="Interaction Workflow" module="erp5.portal_type"/>
     </pickle>
     <pickle>
       <dictionary>
         <item>
-            <key> <string>_objects</string> </key>
+            <key> <string>_count</string> </key>
             <value>
-              <tuple/>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
             </value>
         </item>
         <item>
-            <key> <string>creation_guard</string> </key>
+            <key> <string>_mt_index</string> </key>
             <value>
-              <none/>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
+        <item>
+            <key> <string>_tree</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>oauth2_session_refresh_interaction_workflow</string> </value>
+        </item>
         <item>
             <key> <string>description</string> </key>
             <value> <string>Calls refreshAccessToken on all OAuth2 Session documents related to a given user when their security groups change.\r\n
 Requires customisation (supplementing with a similar custom interaction workflow) when security groups are generated using a non-generic script.</string> </value>
         </item>
-        <item>
-            <key> <string>groups</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>oauth2_session_refresh_interaction_workflow</string> </value>
         </item>
         <item>
-            <key> <string>manager_bypass</string> </key>
-            <value> <int>0</int> </value>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Interaction Workflow</string> </value>
         </item>
         <item>
             <key> <string>title</string> </key>
@@ -44,4 +48,26 @@ Requires customisation (supplementing with a similar custom interaction workflow
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Length" module="BTrees.Length"/>
+    </pickle>
+    <pickle> <int>0</int> </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+  <record id="4" aka="AAAAAAAAAAQ=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
 </ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/interaction_assignment.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Interaction Workflow Interaction" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>before_commit_script/portal_workflow/oauth2_session_refresh_interaction_workflow/script_onAssignmentChange</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>interaction_assignment</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Interaction Workflow Interaction</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type_filter</string> </key>
+            <value>
+              <tuple>
+                <string>Assignment</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type_group_filter</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>temporary_document_disallowed</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>trigger_method_id</string> </key>
+            <value>
+              <tuple>
+                <string>_set.*</string>
+                <string>open</string>
+                <string>update</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>trigger_once_per_transaction</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>trigger_type</string> </key>
+            <value> <int>2</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/interaction_session.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Interaction Workflow Interaction" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>after_script/portal_workflow/oauth2_session_refresh_interaction_workflow/script_refreshOAuth2Session</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>React to selected properties changing on the session itself to trigger a token refresh.</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>interaction_session</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Interaction Workflow Interaction</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type_filter</string> </key>
+            <value>
+              <tuple>
+                <string>OAuth2 Session</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type_group_filter</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>temporary_document_disallowed</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>trigger_method_id</string> </key>
+            <value>
+              <tuple>
+                <string>_setPolicyExpirationDate</string>
+                <string>_setNetwork.*</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>trigger_once_per_transaction</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>trigger_type</string> </key>
+            <value> <int>2</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/interactions.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Interaction" module="Products.ERP5.Interaction"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_mapping</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_objects</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>interactions</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/script_onAssignmentChange.py

+# Proxy role: Manager, because the originator for the event which triggered
+# this interaction may have been using a proxy role itself, and we should
+# not limit what can be done on Assignments, but just follow what is being
+# done.
+context.getPortalObject().ERP5Site_refreshUserRelatedOAuth2SessionSet(
+  user_value_list=(state_change['object'].getParentValue(), ),
+)

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/script_onAssignmentChange.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Workflow Script" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>state_change</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>script_onAssignmentChange</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Workflow Script</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/script_refreshOAuth2Session.py

+# Proxy role: Manager, because the originator for the event which triggered
+# this interaction may have been using a proxy role itself, and we should
+# not limit what can be done on Assignments, but just follow what is being
+# done.
+state_change['object'].refreshAccessToken()

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/script_refreshOAuth2Session.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Workflow Script" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>state_change</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>script_refreshOAuth2Session</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Workflow Script</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/scripts.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Scripts" module="Products.DCWorkflow.Scripts"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_mapping</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_objects</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>scripts</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/variables.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Variables" module="Products.DCWorkflow.Variables"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_mapping</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>variables</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

bt5/erp5_oauth2_authorisation/WorkflowTemplateItem/portal_workflow/oauth2_session_refresh_interaction_workflow/worklists.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Worklists" module="Products.DCWorkflow.Worklists"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_mapping</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>worklists</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>